Chapter 12 – PGP & Encryption

Chapter 12 – PGP & Encryption
PGP stands for pretty good privacy, and it is a tool used to encrypt, sign and verify. It does this by creating two keys a private key and a public key, the private key as its name implies you keep to yourself and keep it secure. The public key you share with anyone wanting to send you encrypted messages/emails. Anyone can encrypt a message to you using your public key a message they can not even decrypt (unless they also encrypt it for themselves) the only way anyone can decrypt that message is with your private key. You can use pgp keys in most email clients and there are addons to auto encrypt decrypt if you don’t want to go the manual route of writing something out tossing in your encryption tool, and then pasting into your email to send. Proton mail does this by default and will auto decrypt anything you receive assuming they used your proton key and not another. You can also sign messages which proves it came from you and can not be edited as then it would fail verification. For windows I use Kleopatra which is acctually called Gpg4win here is a link https://www.gpg4win.org/get-gpg4win.html
you do not need to donate to download it but is always an option. For mobile I use OpenKeychain on android. You can make a key on either of these apps or download and import your proton key. For a moment lets assume you are using Kleopatra, when you select new openpgp key pair you will want to go to advanced and change the default encryption you either want RSA with 4096 bits or ECDSA with ed/cv25519 these are both what is still considered overkill but is highly recommended as it has a longer use case. They are both good and you can do further research if you want to get into specifics. Once thats made you should backup the secret key somewhere safe and export the public key to share with others. You can use these for anything, storing secured notes if you encrypt to yourself, sending texts, emails etc. Here is a little test if you wish to learn more and get into using keys
here is a public key, copy it all of it and in Kleopatra go to Tools, clipboard, certify important

-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEZEhwihYJKwYBBAHaRw8BAQdAgJztbE8G1Wid8xQXdza21PMtI/UsdDg3JxNA
td1KF7+0F1ByaXZhY3lfJl9zZWN1cml0eV9nb29kiJMEExYKADsWIQTPeMoMWvEC
Y0lDLpYd98YHsQ9FzwUCZEhwigIbAwULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIX
gAAKCRAd98YHsQ9Fz1HwAP90Mo2TYSYYlJbhP04xIFF2HqekfoHIxXnTXocakOTs
8QEA7UeNl7Oouz+j+5Du2DSwg5og9bXzU6crFip8g4bDLQi4OARkSHCKEgorBgEE
AZdVAQUBAQdArmIed4TPEqg0eeWipNVno7g56ByLtRACCbG2sLQEKSoDAQgHiHgE
GBYKACAWIQTPeMoMWvECY0lDLpYd98YHsQ9FzwUCZEhwigIbDAAKCRAd98YHsQ9F
z/xDAQC0BFV2n/XvCN0tTlS8NZIWl/9g/bSKxdpSCMOX2t7YywEA0RgfD1D6EkSJ
XWH6RQrUwD6sO4x9+7kjC+DKFt6NQgY=
=+Boz
-----END PGP PUBLIC KEY BLOCK-----

Then copy this into the notepad and select Decrypt/verify. You should see a green box with text telling you the signature is valid and the name of it. You can also use that public key to encrypt messages, which is how you would with anyone else. You would export your private key and import it on your mobile key app if you wished to use it on there as well. Again deleting that key download file after import for security.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

This is a signed message you can verify if you inport my public key, always make sure to copy the enture message including the --begin -- part
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQTPeMoMWvECY0lDLpYd98YHsQ9FzwUCZEhwzQAKCRAd98YHsQ9F
z/sUAP9XTvlfjPItAzD8JvoogL3kN8gf7XFCIDf63dlgyNe/vgD/ZzpJH1nwnaUZ
1bsS5Jsnl8DRi428Qdkkd1DcvbQQ5gE=
=3Y6G
-----END PGP SIGNATURE-----

Continuing with Encryption using a tool such as veracrypt you can create entire folders or USBs that are encrypted. I will be referencing veracrypt for this section as it is the only one I have used at length.
here is the link https://www.veracrypt.fr/en/Downloads.html
using this tool you can create an encrypted volume, set the amount of space you wish to allocate to it and then well fill it with anything and everything. You will first want to create a blank document (very important) as when you are going through the volume creation you will need a file to become said volume. In doing this that file and its contens will be destroyed you do not want to select anything that you are trying to encrypt and keep safe. Again it will destroy it, create a blank document and select it. Under encryption options I will again leave it to you if you wish to go off of the defaults ensure you are fully aware of what you are selecting, the defaults are very secure as they are, and I will not be covering Hidden volumes although it is a very cool thing. As always select a very strong password. Once created you will see the volume wherever the file was. To access the file you must mount it, same way a usb mounts or a cd does. In veracrypt select a drive such as F and select the file you wish to mount the volume you just made and hit mount. Once you have input the correct password you will now have a folder to store anything you wish to keep secured, photos, documents, etc. you can unmount and it will go back to being that file you see. This file can be moved and stored anywhere only requiring veracrypt to mount it. This means you can store these encrypted files in the cloud as an extra security layer when using proton drive, google drive, apple cloud.